6525 matches found
br.com.itsme:commons (>=0.0.4-ALPHA <=0.0.5-ALPHA), cn.amossun:starter-event (>=1.2.0-RELEASE <=1.2.1-RELEASE) +234 more potentially affected by CVE-2021-22095 +1 more via org.springframework.amqp:spring-amqp (>=2.2.0.RELEASE <=2.2.1.RELEASE)
org.springframework.amqp:spring-amqp MAVEN version =2.2.0.RELEASE, =0.0.4-ALPHA, =1.2.0-RELEASE, =1.0, =0.2.0, =0.2.0, =0.2.0, =2.0.0-RC1, =1.0.0-RC1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =0.0.1-RELEASE, =0.0.1.RELEASE, =3.0.1.RELEASE and more Source cves: CVE-2021-22095, CVE-2021-2209...
cn.kduck:kduck-core (=1.1.0), cn.kduck:kduck-security (=1.1.0) +131 more potentially affected by CVE-2021-22095 +1 more via org.springframework.amqp:spring-amqp (>=2.3.0 <=2.3.10)
org.springframework.amqp:spring-amqp MAVEN version =2.3.0, =1.3.20, =1.0.0, =1.7, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.1 - com.lwohvye:eladmin-system =2.6.14 and more Source cves: CVE-2021-22095, CVE-2021-22097 Source advisory: OSV:GHSA-945Q-CH46-PCHG...
Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
GHSA-945Q-CH46-PCHG Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
Code injection
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
UBUNTU-CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
CVE-2021-22095 affects Spring AMQP: versions 2.2.0–2.2.19 and 2.3.0–2.3.11. The toString() method of the Spring AMQP Message object creates a new String from the message body regardless of size, which can trigger an OutOfMemoryError on large messages. Public documents confirm the affected ranges ...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
Spring AMQP Code Issue Vulnerability
Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...
Remote Code Execution (RCE)
spring-cloud-netflix-hystrix-dashboard is vulnerable to remote code execution. Lack of secure validation of request URI path allows an attacker to send a malicious request at /hystrix/monitor;user-provided data, causing execution of malicious code because path elements following hystrix/monitor ar...
GHSA-GX3F-HQ7P-8FXV Code injection in spring-cloud-netflix-hystrix-dashboard
Applications using the spring-cloud-netflix-hystrix-dashboard expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following hystrix/monitor are being evaluated ...
cn.iisme.cloud:iisme-demos-nacos-web (=1.0.1), cn.iisme:iisme-demos-nacos-web (=1.0.0) +26 more potentially affected by CVE-2021-22053 via org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard (>=1.0.0.RELEASE <=2.2.0.RELEASE)
org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard MAVEN version =1.0.0.RELEASE, =3.0.0, =1.1.0, =1.1.0, =1.0, =1.0, =1.0.4, =1.0.1, =1.0.0, =1.0.0, =1.0.3 and more Source cves: CVE-2021-22053 Source advisory: OSV:GHSA-GX3F-HQ7P-8FXV...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
Design/Logic Flaw
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
CVE-2021-22053 affects Spring Cloud Netflix Hystrix Dashboard prior to 2.2.10 when used with spring-boot-starter-thymeleaf. The vulnerability arises because request URI path data is evaluated as SpringEL expressions during view template resolution (example: /hystrix/monitor;[data]), enabling remo...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
VMware Spring Cloud Netflix Code Injection Vulnerability
VMware Spring Cloud Netflix is a service from VMware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...